This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
The monitoring application hosted on the remote server has a remote
code execution vulnerability.
A flaw exists within the brstart.exe service, which listens by
default on TCP port 9002. When handling a specially crafted SMARTS
request the process extracts a user provided value to allocate a
buffer via sm_read_string_length then blindly copies user supplied
data into this buffer on the heap. A remote, unauthenticated attacker
can exploit this vulnerability to execute arbitrary code under the
context of the service.
Note that Cisco Unified Service Monitor prior to version 8.6, Cisco
Unified Operations Manager prior to version 8.6, and CiscoWorks LAN
Management Solution software releases 3.1, 3.2, and 4.0 are affected.
Also note that these Cisco products use a bundled EMC SMARTS
application server, in which the vulnerability resides. As such,
multiple EMC Ionix products (ESA-2011-029) are also affected, but they
are not checked by this plugin as they may have a different attack
See also :
Upgrade to Cisco Unified Operations Manager 8.6 or later
Upgrade to Cisco Unified Service Monitor 8.6 or later
Apply patch and upgrade for CiscoWorks LAN Management Solution
releases 3.1, 3.2, and 4.0, with detailed instructions at
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false
Family: Gain a shell remotely
Nessus Plugin ID: 58004 ()
Bugtraq ID: 4962749644
CVE ID: CVE-2011-2738
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.